Prevent Console use in Shared Workspaces

Open Edward13ruf opened this issue 2 years ago • 5 comments

Is your feature request related to a problem? Please describe

When a workspace is shared, it opens up potential security issues. The console allows any visiting user to access the host's environment variables and call commands as if they were the host. This is obviously a concern, but some users may be comfortable with it, whilst others might not be.

Describe the behaviour you'd like

The console should be disabled for all visiting users until the host explicitly enables it. Visitors can still edit files and view changes, but they cannot execute commands without the host's approval. Visitors may still see the console though, and can request access, which will initiate a pop-up on the host's screen.

Additional context

This is very much how LiveShare operates, and for good reason. Sharing workspaces is currently quite a scary prospect for users working on sensitive projects or with elevated permissions that they do not want others to use.

Edward13ruf avatar Oct 18 '23 08:10 Edward13ruf

Thanks for the feedback, @ChevronTango - more granular control on workspace sharing would be great.

It's worth noting that workspace sharing (if required) can be disabled at the organization level: https://www.gitpod.io/changelog/organizational-policy-workspace-sharing

And many 3rd-party sharing plugins also work (if that's of use to anyone looking for more feature-rich solutions): https://www.gitpod.io/docs/configure/workspaces/collaboration#external-collaboration-plugins

loujaybee avatar Oct 18 '23 17:10 loujaybee

Thanks @loujaybee. We really like the sharing functionality as it's a great way to enable our teams to share and collaborate, particularly when onboarding new team members. It would be a shame to disable it for our org, and it would be great if Gitpod natively supported the features we've seen in other collaboration extensions, particularly the security features.

Edward13ruf avatar Oct 18 '23 20:10 Edward13ruf

@ChevronTango Have you tried our VS Code Desktop integration together with Live Share?

akosyakov avatar Oct 18 '23 20:10 akosyakov

@akosyakov we have, and Live Share is well used. We would just prefer Gitpod to have the key features included so we didn't have to rely on desktop apps or other extensions. In some of our environments desktop apps aren't an option, so it's not a complete solution.

Edward13ruf avatar Oct 18 '23 21:10 Edward13ruf

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar May 23 '24 15:05 github-actions[bot]